Bug 1912328 - Permit stat for allowed files in GMP process sandbox. r=gcp,gerard-majax, a=dmeehan

After updating the Widevine plugin to 4.10.2830.0, we would crash on startup of the plugin because it attempted to use the stat syscall. Allow uses of stat for files that we have already opened / allowed access to in the GMP sandbox. Differential Revision: https://phabricator.services.mozilla.com/D218855
2024-11-27 06:43:32 +00:00 · 2024-08-09 19:24:35 +00:00 · 2024-08-09 19:24:35 +00:00 · c3cd1fe30a
commit c3cd1fe30a
parent 4b856a507d
1 changed files with 23 additions and 0 deletions
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@ -1666,6 +1666,24 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
    return fd;
  }

+#if defined(__NR_stat64) || defined(__NR_stat)
+  static intptr_t StatTrap(const sandbox::arch_seccomp_data& aArgs, void* aux) {
+    const auto* const files = static_cast<const SandboxOpenedFiles*>(aux);
+    const auto* path = reinterpret_cast<const char*>(aArgs.args[0]);
+    int fd = files->GetDesc(path);
+    if (fd < 0) {
+      // SandboxOpenedFile::GetDesc already logged about this, if appropriate.
+      return -ENOENT;
+    }
+    auto* buf = reinterpret_cast<statstruct*>(aArgs.args[1]);
+#  ifdef __NR_fstat64
+    return DoSyscall(__NR_fstat64, fd, buf);
+#  else
+    return DoSyscall(__NR_fstat, fd, buf);
+#  endif
+  }
+#endif
+
  static intptr_t UnameTrap(const sandbox::arch_seccomp_data& aArgs,
                            void* aux) {
    const auto buf = reinterpret_cast<struct utsname*>(aArgs.args[0]);
@ -1713,6 +1731,11 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
      case __NR_openat:
        return Trap(OpenTrap, mFiles);

+#if defined(__NR_stat64) || defined(__NR_stat)
+      CASES_FOR_stat:
+        return Trap(StatTrap, mFiles);
+#endif
+
      case __NR_brk:
        return Allow();
      case __NR_sched_get_priority_min: